cron.weekly issue #43: Cryptography, 4.9 kernel, systemd, OpenLambda, Python & more!August 28, 2016 - Mattias Geniar
Welcome to cron.weekly issue #43 for Sunday August 28th, 2016.
This issue was co-written by my 2 year old daughter, so I’ll just blame any typos on her.
Podcast: Application Security & Cryptography
I recored a new SysCast podcast with Scott Arciszewski. We talk about securing online applications, the OWASP top 10, cache timing attacks, cryptography, the state of “secure PHP” and getting hacked.
A fun episode al themed around security.
Interested? Go have a listen.
A new attack on Triple-DES ciphers has been revealed. Long story short: if possible, disable Triple-DES in your webservers’ configuration. While the attack isn’t very practical to execute, it could compromise HTTPs connections.
A set of vulnerabilities have been disclosed, targeting HTTP caches (Squid, Apache Traffic Server, Akamai’s CDN, …). By exploiting inconsistenties in the Host-header this can eventually lead to HTTP cache poisoning.
This is a nice post comparing the speed of parallel compilation with hyperthreading: does hyperthreading help or not?
25 years ago, Linus Torvalds posted the famous “just a hobby, won’t be big and professional like gnu” post on the Minix mailing list. After 25 years, Linux is still going strong.
A big change for desktop Linux users: Wayland is going to be the new display server, replacing X after a really long time.
The 4.9 kernel is going to be the new LTS kernel, getting 2 years of active maintenance. The previous LTS kernel was 4.4.
This one is sure to cause some controversy: there’s a new systemd command called systemd-mount.
Tools & Projects
Make JSON greppable! gron transforms JSON into discrete assignments to make it easier to grep for what you want and see the absolute ‘path’ to it.
A utility for sending notifications, on demand and when commands finish.
It’s a theoretical approach to better DNS: by building it on top of the blockchain with Public Key Infrastructure (PKI). The theory sounds nice!
‘Serverless’ architectures are growing in size, OpenLambda attempts to be an open source, self-hosted, alternative to services like Amazons’ AWS, Google Cloud Functions and Azure Function.
The MISP threat sharing platform is a free and open source software helping information sharing of threat and cyber security indicators.
Lots of new stuff in this release: support for InfluxDB, timeperiod excludes (ie: when on holiday, don’t send alerts), faster restarts & more cool stuff.
Trailbot tracks your server’s logs and files, triggers Smart Policies upon potentially unwanted modifications and generates a tamper-proof audit trail of everything happening in the system.
Guides & Tutorials
Some good examples in this guide on the use of ‘lsof’, with real practical implementations. lsof lists file opened/in use by processes and can help you find the cause of a lot of problems.
Python is a really powerful language and many of the tools on Linux are written in python. There are plenty of code snippets and good explanations in this post to help you get started with python.
Some nice examples of common use patterns when working with iptables.
A slightly older article, but still relevant: how did we get from sh to bash and beyond?
Some sample bash code for getting mysqldump to store each table content in its own file, making it easier to do partial database restores.
Some good examples on iotop, dstat, atop, ioping and iostat.